Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in at 2015-11-02 12:54:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xen"
Changes:
--------
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2015-10-14 16:43:21.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2015-11-02 12:54:43.000000000 +0100
@@ -1,0 +2,52 @@
+Wed Oct 28 09:47:38 MDT 2015 - carnold@suse.com
+
+- Upstream patches from Jan
+ 5604f239-x86-PV-properly-populate-descriptor-tables.patch
+ 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-0.patch
+ 561d2046-VT-d-use-proper-error-codes-in-iommu_enable_x2apic_IR.patch
+ 561d20a0-x86-hide-MWAITX-from-PV-domains.patch
+ 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-handling.patch
+
+-------------------------------------------------------------------
+Fri Oct 23 13:35:59 MDT 2015 - carnold@suse.com
+
+- bsc#951845 - VUL-0: CVE-2015-7972: xen: x86: populate-on-demand
+ balloon size inaccuracy can crash guests (XSA-153)
+ xsa153-libxl.patch
+
+-------------------------------------------------------------------
+Fri Oct 16 08:40:31 MDT 2015 - carnold@suse.com
+
+- bsc#950703 - VUL-1: CVE-2015-7969: xen: leak of main per-domain
+ vcpu pointer array (DoS) (XSA-149)
+ xsa149.patch
+- bsc#950705 - VUL-1: CVE-2015-7969: xen: x86: leak of per-domain
+ profiling-related vcpu pointer array (DoS) (XSA-151)
+ xsa151.patch
+- bsc#950706 - VUL-0: CVE-2015-7971: xen: x86: some pmu and
+ profiling hypercalls log without rate limiting (XSA-152)
+ xsa152.patch
+- Dropped
+ 55dc7937-x86-IO-APIC-don-t-create-pIRQ-mapping-from-masked-RTE.patch
+ 5604f239-x86-PV-properly-populate-descriptor-tables.patch
+
+-------------------------------------------------------------------
+Thu Oct 15 11:43:23 MDT 2015 - carnold@suse.com
+
+- bsc#932267 - VUL-1: CVE-2015-4037: qemu,kvm,xen: insecure
+ temporary file use in /net/slirp.c
+ CVE-2015-4037-qemuu-smb-config-dir-name.patch
+ CVE-2015-4037-qemut-smb-config-dir-name.patch
+- bsc#877642 - VUL-0: CVE-2014-0222: qemu: qcow1: validate L2 table
+ size to avoid integer overflows
+ CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch
+ CVE-2014-0222-qemut-qcow1-validate-l2-table-size.patch
+
+-------------------------------------------------------------------
+Wed Oct 14 10:24:15 MDT 2015 - carnold@suse.com
+
+- bsc#950367 - VUL-0: CVE-2015-7835: xen: x86: Uncontrolled
+ creation of large page mappings by PV guests (XSA-148)
+ CVE-2015-7835-xsa148.patch
+
+-------------------------------------------------------------------
Old:
----
55dc7937-x86-IO-APIC-don-t-create-pIRQ-mapping-from-masked-RTE.patch
New:
----
561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-0.patch
561d2046-VT-d-use-proper-error-codes-in-iommu_enable_x2apic_IR.patch
561d20a0-x86-hide-MWAITX-from-PV-domains.patch
561e3283-x86-NUMA-fix-SRAT-table-processor-entry-handling.patch
CVE-2014-0222-qemut-qcow1-validate-l2-table-size.patch
CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch
CVE-2015-4037-qemut-smb-config-dir-name.patch
CVE-2015-4037-qemuu-smb-config-dir-name.patch
CVE-2015-7835-xsa148.patch
xsa149.patch
xsa151.patch
xsa152.patch
xsa153-libxl.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ xen.spec ++++++
--- /var/tmp/diff_new_pack.Do0HSP/_old 2015-11-02 12:54:48.000000000 +0100
+++ /var/tmp/diff_new_pack.Do0HSP/_new 2015-11-02 12:54:48.000000000 +0100
@@ -158,7 +158,7 @@
%endif
%endif
-Version: 4.5.1_10
+Version: 4.5.1_13
Release: 0
Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel)
License: GPL-2.0
@@ -205,41 +205,55 @@
Patch2: 55103616-vm-assist-prepare-for-discontiguous-used-bit-numbers.patch
Patch3: 551ac326-xentop-add-support-for-qdisk.patch
Patch4: 552d0f49-x86-traps-identify-the-vcpu-in-context-when-dumping-regs.patch
-Patch5: 5537a4d8-libxl-use-DEBUG-log-level-instead-of-INFO.patch
-Patch6: 5548e903-domctl-don-t-truncate-XEN_DOMCTL_max_mem-requests.patch
-Patch7: 5548e95d-x86-allow-to-suppress-M2P-user-mode-exposure.patch
-Patch8: 554cc211-libxl-add-qxl.patch
-Patch9: 556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch
-Patch10: 5576f178-kexec-add-more-pages-to-v1-environment.patch
-Patch11: 55780be1-x86-EFI-adjust-EFI_MEMORY_WP-handling-for-spec-version-2.5.patch
-Patch12: 558bfaa0-x86-traps-avoid-using-current-too-early.patch
-Patch13: 5592a116-nested-EPT-fix-the-handling-of-nested-EPT.patch
-Patch14: 559b9dd6-x86-p2m-ept-don-t-unmap-in-use-EPT-pagetable.patch
-Patch15: 559bc633-x86-cpupool-clear-proper-cpu_valid-bit-on-CPU-teardown.patch
-Patch16: 559bc64e-credit1-properly-deal-with-CPUs-not-in-any-pool.patch
-Patch17: 559bc87f-x86-hvmloader-avoid-data-corruption-with-xenstore-rw.patch
-Patch18: 559bdde5-pull-in-latest-linux-earlycpio.patch
-Patch19: 55a62eb0-xl-correct-handling-of-extra_config-in-main_cpupoolcreate.patch
-Patch20: 55a66a1e-make-rangeset_report_ranges-report-all-ranges.patch
-Patch21: 55a77e4f-dmar-device-scope-mem-leak-fix.patch
-Patch22: 55c1d83d-x86-gdt-Drop-write-only-xalloc-d-array.patch
-Patch23: 55c3232b-x86-mm-Make-hap-shadow-teardown-preemptible.patch
-Patch24: 55dc78e9-x86-amd_ucode-skip-updates-for-final-levels.patch
-Patch25: 55dc7937-x86-IO-APIC-don-t-create-pIRQ-mapping-from-masked-RTE.patch
-Patch26: 55df2f76-IOMMU-skip-domains-without-page-tables-when-dumping.patch
-Patch27: 55e43fd8-x86-NUMA-fix-setup_node.patch
-Patch28: 55e43ff8-x86-NUMA-don-t-account-hotplug-regions.patch
-Patch29: 55e593f1-x86-NUMA-make-init_node_heap-respect-Xen-heap-limit.patch
-Patch30: 55f2e438-x86-hvm-fix-saved-pmtimer-and-hpet-values.patch
-Patch31: 55f7f9d2-libxl-slightly-refine-pci-assignable-add-remove-handling.patch
-Patch32: 55f9345b-x86-MSI-fail-if-no-hardware-support.patch
-Patch33: 5604f239-x86-PV-properly-populate-descriptor-tables.patch
-Patch34: 5604f2e6-vt-d-fix-IM-bit-mask-and-unmask-of-FECTL_REG.patch
-Patch35: 560a4af9-x86-EPT-tighten-conditions-of-IOMMU-mapping-updates.patch
-Patch36: 560a7c36-x86-p2m-pt-delay-freeing-of-intermediate-page-tables.patch
-Patch37: 560a7c53-x86-p2m-pt-ignore-pt-share-flag-for-shadow-mode-guests.patch
-Patch38: 560bd926-credit1-fix-tickling-when-it-happens-from-a-remote-pCPU.patch
-Patch39: 560e6d34-x86-p2m-pt-tighten-conditions-of-IOMMU-mapping-updates.patch
+Patch5: 552d293b-x86-vMSI-X-honor-all-mask-requests.patch
+Patch6: 552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch
+Patch7: 5537a4d8-libxl-use-DEBUG-log-level-instead-of-INFO.patch
+Patch8: 5548e903-domctl-don-t-truncate-XEN_DOMCTL_max_mem-requests.patch
+Patch9: 5548e95d-x86-allow-to-suppress-M2P-user-mode-exposure.patch
+Patch10: 554cc211-libxl-add-qxl.patch
+Patch11: 556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch
+Patch12: 5576f143-x86-adjust-PV-I-O-emulation-functions-types.patch
+Patch13: 5576f178-kexec-add-more-pages-to-v1-environment.patch
+Patch14: 55780be1-x86-EFI-adjust-EFI_MEMORY_WP-handling-for-spec-version-2.5.patch
+Patch15: 55795a52-x86-vMSI-X-support-qword-MMIO-access.patch
+Patch16: 5583d9c5-x86-MSI-X-cleanup.patch
+Patch17: 5583da09-x86-MSI-track-host-and-guest-masking-separately.patch
+Patch18: 558bfaa0-x86-traps-avoid-using-current-too-early.patch
+Patch19: 5592a116-nested-EPT-fix-the-handling-of-nested-EPT.patch
+Patch20: 559b9dd6-x86-p2m-ept-don-t-unmap-in-use-EPT-pagetable.patch
+Patch21: 559bc633-x86-cpupool-clear-proper-cpu_valid-bit-on-CPU-teardown.patch
+Patch22: 559bc64e-credit1-properly-deal-with-CPUs-not-in-any-pool.patch
+Patch23: 559bc87f-x86-hvmloader-avoid-data-corruption-with-xenstore-rw.patch
+Patch24: 559bdde5-pull-in-latest-linux-earlycpio.patch
+Patch25: 55a62eb0-xl-correct-handling-of-extra_config-in-main_cpupoolcreate.patch
+Patch26: 55a66a1e-make-rangeset_report_ranges-report-all-ranges.patch
+Patch27: 55a77e4f-dmar-device-scope-mem-leak-fix.patch
+Patch28: 55b0a218-x86-PCI-CFG-write-intercept.patch
+Patch29: 55b0a255-x86-MSI-X-maskall.patch
+Patch30: 55b0a283-x86-MSI-X-teardown.patch
+Patch31: 55b0a2ab-x86-MSI-X-enable.patch
+Patch32: 55b0a2db-x86-MSI-track-guest-masking.patch
+Patch33: 55c1d83d-x86-gdt-Drop-write-only-xalloc-d-array.patch
+Patch34: 55c3232b-x86-mm-Make-hap-shadow-teardown-preemptible.patch
+Patch35: 55dc78e9-x86-amd_ucode-skip-updates-for-final-levels.patch
+Patch36: 55df2f76-IOMMU-skip-domains-without-page-tables-when-dumping.patch
+Patch37: 55e43fd8-x86-NUMA-fix-setup_node.patch
+Patch38: 55e43ff8-x86-NUMA-don-t-account-hotplug-regions.patch
+Patch39: 55e593f1-x86-NUMA-make-init_node_heap-respect-Xen-heap-limit.patch
+Patch40: 55f2e438-x86-hvm-fix-saved-pmtimer-and-hpet-values.patch
+Patch41: 55f7f9d2-libxl-slightly-refine-pci-assignable-add-remove-handling.patch
+Patch42: 55f9345b-x86-MSI-fail-if-no-hardware-support.patch
+Patch43: 5604f239-x86-PV-properly-populate-descriptor-tables.patch
+Patch44: 5604f2e6-vt-d-fix-IM-bit-mask-and-unmask-of-FECTL_REG.patch
+Patch45: 560a4af9-x86-EPT-tighten-conditions-of-IOMMU-mapping-updates.patch
+Patch46: 560a7c36-x86-p2m-pt-delay-freeing-of-intermediate-page-tables.patch
+Patch47: 560a7c53-x86-p2m-pt-ignore-pt-share-flag-for-shadow-mode-guests.patch
+Patch48: 560bd926-credit1-fix-tickling-when-it-happens-from-a-remote-pCPU.patch
+Patch49: 560e6d34-x86-p2m-pt-tighten-conditions-of-IOMMU-mapping-updates.patch
+Patch50: 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-0.patch
+Patch51: 561d2046-VT-d-use-proper-error-codes-in-iommu_enable_x2apic_IR.patch
+Patch52: 561d20a0-x86-hide-MWAITX-from-PV-domains.patch
+Patch53: 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-handling.patch
Patch131: CVE-2015-4106-xsa131-9.patch
Patch137: CVE-2015-3259-xsa137.patch
Patch139: xsa139-qemuu.patch
@@ -258,6 +272,11 @@
Patch14016: xsa140-qemut-6.patch
Patch14017: xsa140-qemut-7.patch
Patch142: CVE-2015-7311-xsa142.patch
+Patch148: CVE-2015-7835-xsa148.patch
+Patch149: xsa149.patch
+Patch151: xsa151.patch
+Patch152: xsa152.patch
+Patch153: xsa153-libxl.patch
# Upstream qemu
Patch250: VNC-Support-for-ExtendedKeyEvent-client-message.patch
Patch251: 0001-net-move-the-tap-buffer-into-TAPState.patch
@@ -278,6 +297,10 @@
Patch266: CVE-2015-6815-qemut-e1000-fix-infinite-loop.patch
Patch267: CVE-2015-5239-qemuu-limit-client_cut_text-msg-payload-size.patch
Patch268: CVE-2015-5239-qemut-limit-client_cut_text-msg-payload-size.patch
+Patch269: CVE-2015-4037-qemuu-smb-config-dir-name.patch
+Patch270: CVE-2015-4037-qemut-smb-config-dir-name.patch
+Patch271: CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch
+Patch272: CVE-2014-0222-qemut-qcow1-validate-l2-table-size.patch
# Our platform specific patches
Patch301: xen-destdir.patch
Patch302: vif-bridge-no-iptables.patch
@@ -363,18 +386,6 @@
Patch606: xen.build-compare.seabios.patch
Patch607: xen.build-compare.man.patch
Patch608: ipxe-no-error-logical-not-parentheses.patch
-# MSI issues (bsc#907514 bsc#910258 bsc#918984 bsc#923967)
-Patch700: 552d293b-x86-vMSI-X-honor-all-mask-requests.patch
-Patch701: 552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch
-Patch702: 5576f143-x86-adjust-PV-I-O-emulation-functions-types.patch
-Patch703: 55795a52-x86-vMSI-X-support-qword-MMIO-access.patch
-Patch704: 5583d9c5-x86-MSI-X-cleanup.patch
-Patch705: 5583da09-x86-MSI-track-host-and-guest-masking-separately.patch
-Patch706: 55b0a218-x86-PCI-CFG-write-intercept.patch
-Patch707: 55b0a255-x86-MSI-X-maskall.patch
-Patch708: 55b0a283-x86-MSI-X-teardown.patch
-Patch709: 55b0a2ab-x86-MSI-X-enable.patch
-Patch710: 55b0a2db-x86-MSI-track-guest-masking.patch
# grant table performance improvements
Patch715: 54c2553c-grant-table-use-uint16_t-consistently-for-offset-and-length.patch
Patch716: 54ca33bc-grant-table-refactor-grant-copy-to-reduce-duplicate-code.patch
@@ -648,6 +659,20 @@
%patch37 -p1
%patch38 -p1
%patch39 -p1
+%patch40 -p1
+%patch41 -p1
+%patch42 -p1
+%patch43 -p1
+%patch44 -p1
+%patch45 -p1
+%patch46 -p1
+%patch47 -p1
+%patch48 -p1
+%patch49 -p1
+%patch50 -p1
+%patch51 -p1
+%patch52 -p1
+%patch53 -p1
%patch131 -p1
%patch137 -p1
%patch139 -p1
@@ -666,6 +691,11 @@
%patch14016 -p1
%patch14017 -p1
%patch142 -p1
+%patch148 -p1
+%patch149 -p1
+%patch151 -p1
+%patch152 -p1
+%patch153 -p1
# Upstream qemu patches
%patch250 -p1
%patch251 -p1
@@ -686,6 +716,10 @@
%patch266 -p1
%patch267 -p1
%patch268 -p1
+%patch269 -p1
+%patch270 -p1
+%patch271 -p1
+%patch272 -p1
# Our platform specific patches
%patch301 -p1
%patch302 -p1
@@ -770,18 +804,6 @@
%patch606 -p1
%patch607 -p1
%patch608 -p1
-# MSI issues (bsc#907514 bsc#910258 bsc#918984 bsc#923967)
-%patch700 -p1
-%patch701 -p1
-%patch702 -p1
-%patch703 -p1
-%patch704 -p1
-%patch705 -p1
-%patch706 -p1
-%patch707 -p1
-%patch708 -p1
-%patch709 -p1
-%patch710 -p1
# grant table performance improvements
%patch715 -p1
%patch716 -p1
++++++ 557eb620-gnttab-make-the-grant-table-lock-a-read-write-lock.patch ++++++
--- /var/tmp/diff_new_pack.Do0HSP/_old 2015-11-02 12:54:48.000000000 +0100
+++ /var/tmp/diff_new_pack.Do0HSP/_new 2015-11-02 12:54:48.000000000 +0100
@@ -113,7 +113,7 @@
if ( idx != 0 )
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
-@@ -4592,7 +4592,7 @@ int xenmem_add_to_physmap_one(
+@@ -4595,7 +4595,7 @@ int xenmem_add_to_physmap_one(
mfn = virt_to_mfn(d->shared_info);
break;
case XENMAPSPACE_grant_table:
@@ -122,7 +122,7 @@
if ( d->grant_table->gt_version == 0 )
d->grant_table->gt_version = 1;
-@@ -4614,7 +4614,7 @@ int xenmem_add_to_physmap_one(
+@@ -4617,7 +4617,7 @@ int xenmem_add_to_physmap_one(
mfn = virt_to_mfn(d->grant_table->shared_raw[idx]);
}
@@ -133,7 +133,7 @@
case XENMAPSPACE_gmfn:
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
-@@ -196,7 +196,7 @@ active_entry_acquire(struct grant_table
+@@ -196,7 +196,7 @@ active_entry_acquire(struct grant_table
{
struct active_grant_entry *act;
++++++ 5583d9c5-x86-MSI-X-cleanup.patch ++++++
--- /var/tmp/diff_new_pack.Do0HSP/_old 2015-11-02 12:54:48.000000000 +0100
+++ /var/tmp/diff_new_pack.Do0HSP/_new 2015-11-02 12:54:48.000000000 +0100
@@ -104,7 +104,7 @@
u32 mask_bits;
u16 seg = entry->dev->seg;
u8 bus = entry->dev->bus;
-@@ -703,13 +707,14 @@ static u64 read_pci_mem_bar(u16 seg, u8
+@@ -701,13 +705,14 @@ static u64 read_pci_mem_bar(u16 seg, u8
* requested MSI-X entries with allocated irqs or non-zero for otherwise.
**/
static int msix_capability_init(struct pci_dev *dev,
@@ -120,7 +120,7 @@
u16 control;
u64 table_paddr;
u32 table_offset;
-@@ -721,7 +726,6 @@ static int msix_capability_init(struct p
+@@ -719,7 +724,6 @@ static int msix_capability_init(struct p
ASSERT(spin_is_locked(&pcidevs_lock));
@@ -128,7 +128,7 @@
control = pci_conf_read16(seg, bus, slot, func, msix_control_reg(pos));
msix_set_enable(dev, 0);/* Ensure msix is disabled as I set it up */
-@@ -886,10 +890,9 @@ static int __pci_enable_msi(struct msi_i
+@@ -884,10 +888,9 @@ static int __pci_enable_msi(struct msi_i
old_desc = find_msi_entry(pdev, msi->irq, PCI_CAP_ID_MSI);
if ( old_desc )
{
@@ -142,7 +142,7 @@
*desc = old_desc;
return 0;
}
-@@ -897,10 +900,10 @@ static int __pci_enable_msi(struct msi_i
+@@ -895,10 +898,10 @@ static int __pci_enable_msi(struct msi_i
old_desc = find_msi_entry(pdev, -1, PCI_CAP_ID_MSIX);
if ( old_desc )
{
@@ -157,7 +157,7 @@
}
return msi_capability_init(pdev, msi->irq, desc, msi->entry_nr);
-@@ -914,7 +917,6 @@ static void __pci_disable_msi(struct msi
+@@ -912,7 +915,6 @@ static void __pci_disable_msi(struct msi
msi_set_enable(dev, 0);
BUG_ON(list_empty(&dev->msi_list));
@@ -165,7 +165,7 @@
}
/**
-@@ -934,7 +936,7 @@ static void __pci_disable_msi(struct msi
+@@ -932,7 +934,7 @@ static void __pci_disable_msi(struct msi
**/
static int __pci_enable_msix(struct msi_info *msi, struct msi_desc **desc)
{
@@ -174,7 +174,7 @@
struct pci_dev *pdev;
u16 control;
u8 slot = PCI_SLOT(msi->devfn);
-@@ -943,23 +945,22 @@ static int __pci_enable_msix(struct msi_
+@@ -941,23 +943,22 @@ static int __pci_enable_msix(struct msi_
ASSERT(spin_is_locked(&pcidevs_lock));
pdev = pci_get_pdev(msi->seg, msi->bus, msi->devfn);
@@ -204,7 +204,7 @@
*desc = old_desc;
return 0;
}
-@@ -967,15 +968,13 @@ static int __pci_enable_msix(struct msi_
+@@ -965,15 +966,13 @@ static int __pci_enable_msix(struct msi_
old_desc = find_msi_entry(pdev, -1, PCI_CAP_ID_MSI);
if ( old_desc )
{
@@ -225,7 +225,7 @@
}
static void _pci_cleanup_msix(struct arch_msix *msix)
-@@ -993,19 +992,16 @@ static void _pci_cleanup_msix(struct arc
+@@ -991,19 +990,16 @@ static void _pci_cleanup_msix(struct arc
static void __pci_disable_msix(struct msi_desc *entry)
{
@@ -254,7 +254,7 @@
msix_set_enable(dev, 0);
BUG_ON(list_empty(&dev->msi_list));
-@@ -1047,7 +1043,7 @@ int pci_prepare_msix(u16 seg, u8 bus, u8
+@@ -1045,7 +1041,7 @@ int pci_prepare_msix(u16 seg, u8 bus, u8
u16 control = pci_conf_read16(seg, bus, slot, func,
msix_control_reg(pos));
@@ -263,7 +263,7 @@
multi_msix_capable(control));
}
spin_unlock(&pcidevs_lock);
-@@ -1066,8 +1062,8 @@ int pci_enable_msi(struct msi_info *msi,
+@@ -1064,8 +1060,8 @@ int pci_enable_msi(struct msi_info *msi,
if ( !use_msi )
return -EPERM;
@@ -274,7 +274,7 @@
}
/*
-@@ -1117,7 +1113,9 @@ int pci_restore_msi_state(struct pci_dev
+@@ -1115,7 +1111,9 @@ int pci_restore_msi_state(struct pci_dev
if ( !pdev )
return -EINVAL;
++++++ 5583da09-x86-MSI-track-host-and-guest-masking-separately.patch ++++++
--- /var/tmp/diff_new_pack.Do0HSP/_old 2015-11-02 12:54:48.000000000 +0100
+++ /var/tmp/diff_new_pack.Do0HSP/_new 2015-11-02 12:54:48.000000000 +0100
@@ -137,7 +137,7 @@
spin_unlock_irqrestore(&desc->lock, flags);
--- a/xen/arch/x86/irq.c
+++ b/xen/arch/x86/irq.c
-@@ -2503,6 +2503,25 @@ int unmap_domain_pirq_emuirq(struct doma
+@@ -2502,6 +2502,25 @@ int unmap_domain_pirq_emuirq(struct doma
return ret;
}
@@ -230,7 +230,7 @@
.enable = unmask_msi_irq,
.disable = mask_msi_irq,
.ack = ack_maskable_msi_irq,
-@@ -593,7 +605,8 @@ static int msi_capability_init(struct pc
+@@ -591,7 +603,8 @@ static int msi_capability_init(struct pc
entry[i].msi_attrib.is_64 = is_64bit_address(control);
entry[i].msi_attrib.entry_nr = i;
entry[i].msi_attrib.maskbit = is_mask_bit_support(control);
@@ -240,7 +240,7 @@
entry[i].msi_attrib.pos = pos;
if ( entry[i].msi_attrib.maskbit )
entry[i].msi.mpos = mpos;
-@@ -819,7 +832,8 @@ static int msix_capability_init(struct p
+@@ -817,7 +830,8 @@ static int msix_capability_init(struct p
entry->msi_attrib.is_64 = 1;
entry->msi_attrib.entry_nr = msi->entry_nr;
entry->msi_attrib.maskbit = 1;
@@ -250,7 +250,7 @@
entry->msi_attrib.pos = pos;
entry->irq = msi->irq;
entry->dev = dev;
-@@ -1154,7 +1168,8 @@ int pci_restore_msi_state(struct pci_dev
+@@ -1152,7 +1166,8 @@ int pci_restore_msi_state(struct pci_dev
for ( i = 0; ; )
{
@@ -260,7 +260,7 @@
if ( !--nr )
break;
-@@ -1306,7 +1321,7 @@ static void dump_msi(unsigned char key)
+@@ -1304,7 +1319,7 @@ static void dump_msi(unsigned char key)
else
mask = '?';
printk(" %-6s%4u vec=%02x%7s%6s%3sassert%5s%7s"
@@ -269,7 +269,7 @@
type, irq,
(data & MSI_DATA_VECTOR_MASK) >> MSI_DATA_VECTOR_SHIFT,
data & MSI_DATA_DELIVERY_LOWPRI ? "lowest" : "fixed",
-@@ -1314,7 +1329,10 @@ static void dump_msi(unsigned char key)
+@@ -1312,7 +1327,10 @@ static void dump_msi(unsigned char key)
data & MSI_DATA_LEVEL_ASSERT ? "" : "de",
addr & MSI_ADDR_DESTMODE_LOGIC ? "log" : "phys",
addr & MSI_ADDR_REDIRECTION_LOWPRI ? "lowest" : "cpu",
@@ -317,18 +317,18 @@
static unsigned int iommu_msi_startup(struct irq_desc *desc)
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
-@@ -999,7 +999,7 @@ static void dma_msi_unmask(struct irq_de
- sts &= ~DMA_FECTL_IM;
- dmar_writel(iommu->reg, DMAR_FECTL_REG, sts);
+@@ -996,7 +996,7 @@ static void dma_msi_unmask(struct irq_de
+ spin_lock_irqsave(&iommu->register_lock, flags);
+ dmar_writel(iommu->reg, DMAR_FECTL_REG, 0);
spin_unlock_irqrestore(&iommu->register_lock, flags);
- iommu->msi.msi_attrib.masked = 0;
+ iommu->msi.msi_attrib.host_masked = 0;
}
static void dma_msi_mask(struct irq_desc *desc)
-@@ -1014,7 +1014,7 @@ static void dma_msi_mask(struct irq_desc
- sts |= DMA_FECTL_IM;
- dmar_writel(iommu->reg, DMAR_FECTL_REG, sts);
+@@ -1008,7 +1008,7 @@ static void dma_msi_mask(struct irq_desc
+ spin_lock_irqsave(&iommu->register_lock, flags);
+ dmar_writel(iommu->reg, DMAR_FECTL_REG, DMA_FECTL_IM);
spin_unlock_irqrestore(&iommu->register_lock, flags);
- iommu->msi.msi_attrib.masked = 1;
+ iommu->msi.msi_attrib.host_masked = 1;
++++++ 55b0a218-x86-PCI-CFG-write-intercept.patch ++++++
--- /var/tmp/diff_new_pack.Do0HSP/_old 2015-11-02 12:54:48.000000000 +0100
+++ /var/tmp/diff_new_pack.Do0HSP/_new 2015-11-02 12:54:48.000000000 +0100
@@ -14,7 +14,7 @@
--- a/xen/arch/x86/msi.c
+++ b/xen/arch/x86/msi.c
-@@ -1110,6 +1110,12 @@ void pci_cleanup_msi(struct pci_dev *pde
+@@ -1108,6 +1108,12 @@ void pci_cleanup_msi(struct pci_dev *pde
msi_free_irqs(pdev);
}
++++++ 55b0a255-x86-MSI-X-maskall.patch ++++++
--- /var/tmp/diff_new_pack.Do0HSP/_old 2015-11-02 12:54:48.000000000 +0100
+++ /var/tmp/diff_new_pack.Do0HSP/_new 2015-11-02 12:54:48.000000000 +0100
@@ -15,7 +15,7 @@
--- a/xen/arch/x86/msi.c
+++ b/xen/arch/x86/msi.c
-@@ -845,6 +845,12 @@ static int msix_capability_init(struct p
+@@ -843,6 +843,12 @@ static int msix_capability_init(struct p
if ( !msix->used_entries )
{
@@ -28,7 +28,7 @@
if ( rangeset_add_range(mmio_ro_ranges, msix->table.first,
msix->table.last) )
WARN();
-@@ -1113,6 +1119,34 @@ void pci_cleanup_msi(struct pci_dev *pde
+@@ -1111,6 +1117,34 @@ void pci_cleanup_msi(struct pci_dev *pde
int pci_msi_conf_write_intercept(struct pci_dev *pdev, unsigned int reg,
unsigned int size, uint32_t *data)
{
++++++ 55b0a283-x86-MSI-X-teardown.patch ++++++
--- /var/tmp/diff_new_pack.Do0HSP/_old 2015-11-02 12:54:48.000000000 +0100
+++ /var/tmp/diff_new_pack.Do0HSP/_new 2015-11-02 12:54:48.000000000 +0100
@@ -265,7 +265,7 @@
}
void guest_mask_msi_irq(struct irq_desc *desc, bool_t mask)
-@@ -422,13 +489,15 @@ void guest_mask_msi_irq(struct irq_desc
+@@ -422,13 +489,15 @@ void guest_mask_msi_irq(struct irq_desc
static unsigned int startup_msi_irq(struct irq_desc *desc)
{
@@ -283,7 +283,7 @@
}
void ack_nonmaskable_msi_irq(struct irq_desc *desc)
-@@ -742,6 +811,9 @@ static int msix_capability_init(struct p
+@@ -740,6 +809,9 @@ static int msix_capability_init(struct p
control = pci_conf_read16(seg, bus, slot, func, msix_control_reg(pos));
msix_set_enable(dev, 0);/* Ensure msix is disabled as I set it up */
@@ -293,7 +293,7 @@
if ( desc )
{
entry = alloc_msi_entry(1);
-@@ -881,7 +953,8 @@ static int msix_capability_init(struct p
+@@ -879,7 +951,8 @@ static int msix_capability_init(struct p
++msix->used_entries;
/* Restore MSI-X enabled bits */
@@ -303,7 +303,7 @@
return 0;
}
-@@ -1026,8 +1099,16 @@ static void __pci_disable_msix(struct ms
+@@ -1024,8 +1097,16 @@ static void __pci_disable_msix(struct ms
BUG_ON(list_empty(&dev->msi_list));
@@ -322,7 +322,7 @@
pci_conf_write16(seg, bus, slot, func, msix_control_reg(pos), control);
_pci_cleanup_msix(dev->msix);
-@@ -1201,15 +1282,24 @@ int pci_restore_msi_state(struct pci_dev
+@@ -1199,15 +1280,24 @@ int pci_restore_msi_state(struct pci_dev
nr = entry->msi.nvec;
}
else if ( entry->msi_attrib.type == PCI_CAP_ID_MSIX )
++++++ 55b0a2ab-x86-MSI-X-enable.patch ++++++
--- /var/tmp/diff_new_pack.Do0HSP/_old 2015-11-02 12:54:48.000000000 +0100
+++ /var/tmp/diff_new_pack.Do0HSP/_new 2015-11-02 12:54:48.000000000 +0100
@@ -171,7 +171,7 @@
}
int __setup_msi_irq(struct irq_desc *desc, struct msi_desc *msidesc,
-@@ -805,20 +850,38 @@ static int msix_capability_init(struct p
+@@ -803,20 +848,38 @@ static int msix_capability_init(struct p
u8 bus = dev->bus;
u8 slot = PCI_SLOT(dev->devfn);
u8 func = PCI_FUNC(dev->devfn);
@@ -211,7 +211,7 @@
ASSERT(msi);
}
-@@ -849,6 +912,8 @@ static int msix_capability_init(struct p
+@@ -847,6 +910,8 @@ static int msix_capability_init(struct p
{
if ( !msi || !msi->table_base )
{
@@ -220,7 +220,7 @@
xfree(entry);
return -ENXIO;
}
-@@ -891,6 +956,8 @@ static int msix_capability_init(struct p
+@@ -889,6 +954,8 @@ static int msix_capability_init(struct p
if ( idx < 0 )
{
@@ -229,7 +229,7 @@
xfree(entry);
return idx;
}
-@@ -917,7 +984,7 @@ static int msix_capability_init(struct p
+@@ -915,7 +982,7 @@ static int msix_capability_init(struct p
if ( !msix->used_entries )
{
@@ -238,7 +238,7 @@
if ( !msix->guest_maskall )
control &= ~PCI_MSIX_FLAGS_MASKALL;
else
-@@ -953,8 +1020,8 @@ static int msix_capability_init(struct p
+@@ -951,8 +1018,8 @@ static int msix_capability_init(struct p
++msix->used_entries;
/* Restore MSI-X enabled bits */
@@ -249,7 +249,7 @@
return 0;
}
-@@ -1094,8 +1161,15 @@ static void __pci_disable_msix(struct ms
+@@ -1092,8 +1159,15 @@ static void __pci_disable_msix(struct ms
PCI_CAP_ID_MSIX);
u16 control = pci_conf_read16(seg, bus, slot, func,
msix_control_reg(entry->msi_attrib.pos));
@@ -266,7 +266,7 @@
BUG_ON(list_empty(&dev->msi_list));
-@@ -1107,8 +1181,11 @@ static void __pci_disable_msix(struct ms
+@@ -1105,8 +1179,11 @@ static void __pci_disable_msix(struct ms
"cannot disable IRQ %d: masking MSI-X on %04x:%02x:%02x.%u\n",
entry->irq, dev->seg, dev->bus,
PCI_SLOT(dev->devfn), PCI_FUNC(dev->devfn));
@@ -279,7 +279,7 @@
pci_conf_write16(seg, bus, slot, func, msix_control_reg(pos), control);
_pci_cleanup_msix(dev->msix);
-@@ -1257,6 +1334,8 @@ int pci_restore_msi_state(struct pci_dev
+@@ -1255,6 +1332,8 @@ int pci_restore_msi_state(struct pci_dev
list_for_each_entry_safe( entry, tmp, &pdev->msi_list, list )
{
unsigned int i = 0, nr = 1;
@@ -288,7 +288,7 @@
irq = entry->irq;
desc = &irq_desc[irq];
-@@ -1283,10 +1362,18 @@ int pci_restore_msi_state(struct pci_dev
+@@ -1281,10 +1360,18 @@ int pci_restore_msi_state(struct pci_dev
}
else if ( entry->msi_attrib.type == PCI_CAP_ID_MSIX )
{
@@ -308,7 +308,7 @@
return -ENXIO;
}
}
-@@ -1316,11 +1403,9 @@ int pci_restore_msi_state(struct pci_dev
+@@ -1314,11 +1401,9 @@ int pci_restore_msi_state(struct pci_dev
if ( entry->msi_attrib.type == PCI_CAP_ID_MSI )
{
unsigned int cpos = msi_control_reg(entry->msi_attrib.pos);
@@ -322,7 +322,7 @@
multi_msi_enable(control, entry->msi.nvec);
pci_conf_write16(pdev->seg, pdev->bus, PCI_SLOT(pdev->devfn),
PCI_FUNC(pdev->devfn), cpos, control);
-@@ -1328,7 +1413,9 @@ int pci_restore_msi_state(struct pci_dev
+@@ -1326,7 +1411,9 @@ int pci_restore_msi_state(struct pci_dev
msi_set_enable(pdev, 1);
}
else if ( entry->msi_attrib.type == PCI_CAP_ID_MSIX )
++++++ 55b0a2db-x86-MSI-track-guest-masking.patch ++++++
--- /var/tmp/diff_new_pack.Do0HSP/_old 2015-11-02 12:54:48.000000000 +0100
+++ /var/tmp/diff_new_pack.Do0HSP/_new 2015-11-02 12:54:48.000000000 +0100
@@ -15,7 +15,7 @@
--- a/xen/arch/x86/msi.c
+++ b/xen/arch/x86/msi.c
-@@ -1305,6 +1305,37 @@ int pci_msi_conf_write_intercept(struct
+@@ -1303,6 +1303,37 @@ int pci_msi_conf_write_intercept(struct
return 1;
}
++++++ 55f9345b-x86-MSI-fail-if-no-hardware-support.patch ++++++
--- /var/tmp/diff_new_pack.Do0HSP/_old 2015-11-02 12:54:48.000000000 +0100
+++ /var/tmp/diff_new_pack.Do0HSP/_new 2015-11-02 12:54:48.000000000 +0100
@@ -12,7 +12,7 @@
--- a/xen/arch/x86/msi.c
+++ b/xen/arch/x86/msi.c
-@@ -566,6 +566,8 @@ static int msi_capability_init(struct pc
+@@ -696,6 +696,8 @@ static int msi_capability_init(struct pc
ASSERT(spin_is_locked(&pcidevs_lock));
pos = pci_find_cap_offset(seg, bus, slot, func, PCI_CAP_ID_MSI);
++++++ 5604f239-x86-PV-properly-populate-descriptor-tables.patch ++++++
--- /var/tmp/diff_new_pack.Do0HSP/_old 2015-11-02 12:54:48.000000000 +0100
+++ /var/tmp/diff_new_pack.Do0HSP/_new 2015-11-02 12:54:48.000000000 +0100
@@ -18,9 +18,25 @@
Signed-off-by: Jan Beulich
From 27593ec62bdad8621df910931349d964a6dbaa8c Mon Sep 17 00:00:00 2001 From: Ian Jackson
Date: Wed, 21 Oct 2015 16:18:30 +0100 Subject: [PATCH XSA-153 v3] libxl: adjust PoD target by memory fudge, too
PoD guests need to balloon at least as far as required by PoD, or risk
crashing. Currently they don't necessarily know what the right value
is, because our memory accounting is (at the very least) confusing.
Apply the memory limit fudge factor to the in-hypervisor PoD memory
target, too. This will increase the size of the guest's PoD cache by
the fudge factor LIBXL_MAXMEM_CONSTANT (currently 1Mby). This ensures
that even with a slightly-off balloon driver, the guest will be
stable even under memory pressure.
There are two call sites of xc_domain_set_pod_target that need fixing:
The one in libxl_set_memory_target is straightforward.
The one in xc_hvm_build_x86.c:setup_guest is more awkward. Simply
setting the PoD target differently does not work because the various
amounts of memory during domain construction no longer match up.
Instead, we adjust the guest memory target in xenstore (but only for
PoD guests).
This introduces a 1Mby discrepancy between the balloon target of a PoD
guest at boot, and the target set by an apparently-equivalent `xl
mem-set' (or similar) later. This approach is low-risk for a security
fix but we need to fix this up properly in xen.git#staging and
probably also in stable trees.
This is XSA-153.
Signed-off-by: Ian Jackson